On the Joint Security of Encryption and Signature, Revisited

B. Waters; C. Gentry; D. Boneh; D. Boneh; D. Boneh; D. Freeman; D. Hofheinz; D.H. Phan; E. Kiltz; F. Hess; J. Kelsey; J.S. Coron; K. Kurosawa; K. Rubin; P.S.L.M. Barreto; S.D. Galbraith; T. Acar; T. Matsuda; V. Klíma; Y. Komano

On the Joint Security of Encryption and Signature, Revisited

Authors: B. Waters
C. Gentry
D. Boneh
D. Boneh
D. Boneh
D. Freeman
D. Hofheinz
D.H. Phan
E. Kiltz
F. Hess
J. Kelsey
J.S. Coron
K. Kurosawa
K. Rubin
P.S.L.M. Barreto
S.D. Galbraith
T. Acar
T. Matsuda
V. Klíma
Y. Komano
Publication date: 1 January 2011
Publisher: 'Springer Science and Business Media LLC'
Doi

Abstract

Abstract. We revisit the topic of joint security for combined public key schemes, wherein a single keypair is used for both encryption and signature primitives in a secure manner. While breaking the principle of key separation, such schemes have attractive properties and are sometimes used in practice. We give a general construction for a combined public key scheme having joint security that uses IBE as a component and that works in the standard model. We provide a more efficient direct construction, also in the standard model. We then consider the problem of how to build signcryption schemes from jointly secure combined public key schemes. We provide a construction that uses any such scheme to produce a triple of schemes – signature, encryption, and signcryption – that are jointly secure in an appropriate and strong security model.